SHA256: 814e74e42d760b3f2ed66346156114122e7d2f9c209f9c51a97eb367e8d23d2b
Detection ratio: 35 / 68
Analysis date: 2018-02-15 07:30:33 UTC (1 year ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40124109 20180215
AegisLab Troj.Dropper.W32!c 20180215
ALYac Spyware.Banker.panda 20180215
Arcabit Trojan.Generic.D2643ECD 20180215
Avast FileRepMalware 20180215
AVG FileRepMalware 20180215
Avira (no cloud) TR/Crypt.ZPACK.pjspk 20180215
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180208
BitDefender Trojan.GenericKD.40124109 20180215
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20170201
Cybereason malicious.b8ef37 20180205
Cylance Unsafe 20180215
DrWeb Trojan.Inject3.1602 20180215
Emsisoft Trojan.GenericKD.40124109 (B) 20180215
Endgame malicious (high confidence) 20180214
ESET-NOD32 a variant of Win32/GenKryptik.BPYS 20180215
F-Secure Trojan.GenericKD.40124109 20180215
GData Win32.Backdoor.Zeus.3OV5SB 20180215
Ikarus Trojan-Spy.Zbot 20180214
Sophos ML heuristic 20180121
K7AntiVirus Trojan ( 005272fa1 ) 20180215
K7GW Trojan ( 005272fa1 ) 20180215
Kaspersky Trojan-Dropper.Win32.Macrodrop.dv 20180215
MAX malware (ai score=83) 20180215
McAfee Artemis!445A1663ADFA 20180215
McAfee-GW-Edition Artemis 20180215
eScan Trojan.GenericKD.40124109 20180215
Palo Alto Networks (Known Signatures) generic.ml 20180215
Sophos AV Troj/Zbot-LWY 20180215
Symantec Trojan.Gen.2 20180214
Tencent Suspicious.Heuristic.Gen.b.0 20180215
TrendMicro TSPY_ZBOT.THBAEAH 20180215
TrendMicro-HouseCall TSPY_ZBOT.THBAEAH 20180215
Webroot W32.Trojan.Gen 20180215
ZoneAlarm by Check Point Trojan-Dropper.Win32.Macrodrop.dv 20180215
AhnLab-V3 20180214
Alibaba 20180209
Antiy-AVL 20180215
Avast-Mobile 20180214
AVware 20180215
Bkav 20180212
CAT-QuickHeal 20180214
ClamAV 20180215
CMC 20180215
Comodo 20180215
Cyren 20180215
eGambit 20180215
F-Prot 20180215
Fortinet 20180215
Jiangmin 20180214
Kingsoft 20180215
Malwarebytes 20180215
Microsoft 20180215
NANO-Antivirus 20180215
nProtect 20180215
Panda 20180214
Qihoo-360 20180215
Rising 20180215
SentinelOne (Static ML) 20180115
SUPERAntiSpyware 20180215
Symantec Mobile Insight 20180215
TheHacker 20180213
TotalDefense 20180215
Trustlook 20180215
VBA32 20180214
VIPRE 20180215
ViRobot 20180215
WhiteArmor 20180205
Yandex 20180214
Zillya 20180214
Zoner 20180215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) 1995-2011 Nuance Communications, Inc.

Product Nuance OmniPage Capture SDK
Original name VTRESBRA.DLL
Internal name VTRESBRA.DLL
File version 18.0.11415.100
Description Visual Toolbox Resources
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-11-09 03:17:55
Entry Point 0x00005345
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
DirectInput8Create
Ord(11)
CreateSolidBrush
DeleteObject
GetStockObject
GetComputerNameA
GetOverlappedResult
WaitForSingleObject
GetDriveTypeA
DebugBreak
DeleteCriticalSection
VirtualLock
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
GetSystemTimeAsFileTime
SetThreadAffinityMask
GetStringTypeW
ResumeThread
GetLogicalDriveStringsA
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
SetLastError
ExitProcess
RemoveDirectoryA
SetProcessWorkingSetSize
GetPrivateProfileStringA
TlsGetValue
CreateMutexA
SetFilePointer
GlobalAddAtomW
CreateThread
VirtualUnlock
GetExitCodeThread
ConvertDefaultLocale
IsProcessorFeaturePresent
ExitThread
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetTickCount
TlsAlloc
VirtualProtect
GetVersionExA
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcessHeap
CompareStringW
FindFirstFileA
HeapValidate
GetTimeFormatA
GetTempFileNameA
GetProcessWorkingSetSize
FindNextFileA
GlobalMemoryStatus
GetProcessAffinityMask
CreateFileW
CreateEventA
TlsSetValue
CreateFileA
InterlockedIncrement
GetLastError
LCMapStringW
GetSystemInfo
GetConsoleCP
LCMapStringA
SizeofResource
CompareFileTime
LockResource
GetCurrentDirectoryA
GetCommandLineA
CancelIo
SuspendThread
RaiseException
CompareStringA
TlsFree
GetModuleHandleA
DeleteVolumeMountPointW
ReadFile
PulseEvent
CloseHandle
GetConsoleAliasExesLengthA
WideCharToMultiByte
GetLongPathNameA
IsBadReadPtr
FindResourceA
ResetEvent
GetMessageA
ReleaseDC
BeginPaint
PostQuitMessage
DefWindowProcA
ShowWindow
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
TranslateMessage
RegisterClassExA
SystemParametersInfoA
SendMessageA
GetClientRect
GetDCEx
CreateWindowExA
LoadCursorA
LoadIconA
GetKeyboardState
FillRect
ShowCursor
WaitForInputIdle
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Direct3DCreate8
CoCreateInstance
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ACCELERATOR 2
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
PORTUGUESE BRAZILIAN 5
ENGLISH US 1
PE resources
ExifTool file metadata
CodeSize
102400

SubsystemVersion
4.0

LinkerVersion
7.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
18.0.11415.100

LanguageCode
Portuguese (Brazilian)

FileFlagsMask
0x003f

FileDescription
Visual Toolbox Resources

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
20480

EntryPoint
0x5345

OriginalFileName
VTRESBRA.DLL

MIMEType
application/octet-stream

LegalCopyright
(c) 1995-2011 Nuance Communications, Inc.

FileVersion
18.0.11415.100

TimeStamp
2017:11:09 04:17:55+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
VTRESBRA.DLL

ProductVersion
18.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Nuance Communications, Inc.

LegalTrademarks
Nuance, ScanSoft, Recognita, OmniPage and OmniPage Capture SDK are registered trademarks of Nuance Communications, Inc. in the United States and/or other countries.

ProductName
Nuance OmniPage Capture SDK

ProductVersionNumber
18.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 445a1663adfa77afb32526117f263869
SHA1 76e7710b8ef37024c24c31d9a21578004d624d8d
SHA256 814e74e42d760b3f2ed66346156114122e7d2f9c209f9c51a97eb367e8d23d2b
ssdeep
3072:oHmmzsRt2FSrEYhwKB6rp7TvILp+rYtvk2rx/:o1sRoEYKB6rp7CJ

authentihash a4f17fc65716bd3a24fc8d0b261f2d86c3a2065a2a919ab2e3c608fdebe1ded2
imphash 9dc0723f8c1623c4bc997cbf88e70571
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-02-14 03:15:59 UTC ( 1 year ago )
Last submission 2018-02-14 15:22:40 UTC ( 1 year ago )
File names 2018-02-13-Zeus-Panda-Banker.exe
VTRESBRA.DLL
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs